0001-do-not-allow-unauthenticated-access-to-unlink-page-2.patch
src/authentic2_auth_fc/views.py | ||
---|---|---|
488 | 488 |
return kwargs |
489 | 489 | |
490 | 490 |
def dispatch(self, request, *args, **kwargs): |
491 |
if not request.user.is_authenticated(): |
|
492 |
raise PermissionDenied() |
|
491 | 493 |
# We prevent unlinking if the user has no usable password and can't change it |
492 | 494 |
# because we assume that the password is the unique other mean of authentication |
493 | 495 |
# and unlinking would make the account unreachable. |
494 |
- |